0

I'm trying to make the admin section only accessible for admin users using FOSUserBundle.

However if I go to the admin url (www.foo.local/app_dev.php/admin) without authentication, it allows me access.

In the Symfony debug toolbar it shows Logged in as anon.

I have configured the FOSUserBundle following the official documentation

Here is the security.yml config:

security:
    encoders:
        FOS\UserBundle\Model\UserInterface: sha512

    role_hierarchy:
        ROLE_ADMIN:       ROLE_USER
        ROLE_SUPER_ADMIN: ROLE_ADMIN

    providers:
        fos_userbundle:
            id: fos_user.user_provider.username

    firewalls:
        main:
            pattern: ^/
            form_login:
                provider: fos_userbundle
                csrf_provider: form.csrf_provider
            logout:       true
            anonymous:    true 

    access_control:
        - { path: ^/login$, role: IS_AUTHENTICATED_ANONYMOUSLY }
        - { path: ^/register, role: IS_AUTHENTICATED_ANONYMOUSLY }
        - { path: ^/resetting, role: IS_AUTHENTICATED_ANONYMOUSLY }
        - { path: ^/admin/, role: ROLE_ADMIN }

I don't know why it doesn't ask for the ROLE_ADMIN in order to allow access to the admin section, any ideas?

4

1 回答 1

1

我想那是因为你的规则说

- { path: ^/admin/, role: ROLE_ADMIN }

意思是

www.foo.local/app_dev.php/admin/one
www.foo.local/app_dev.php/admin/two

注意管理员后的“/”

在哪里

www.foo.local/app_dev.php/admin

不满足规则,因为它最后缺少'/'

尝试将规则更改为

- { path: ^/admin, role: ROLE_ADMIN }
于 2014-12-02T17:52:29.770 回答